UPDATED 12:54 EDT / AUGUST 18 2021

SECURITY

T-Mobile says more than 48M people affected by data breach

T-Mobile US Inc. this morning said in a statement that information belonging to more than 48 million past, current and prospective customers was stolen in a breach of its systems.

On Sunday, Motherboard reported that an online forum post offered to sell personal data about T-Mobile customers. The carrier in response launched an investigation and “brought in world-leading cybersecurity experts to help with our assessment.” As part of the investigation, T-Mobile on Tuesday determined that tens of millions of individuals’ data has indeed been compromised.

In its statement this morning, T-Mobile said that the hackers stole records belonging to just over 40 million former or prospective customers who had applied for credit. The hackers also gained access to the account information of approximately 7.8 million current customers of T-Mobile’s postpaid internet plans. The carrier said that the compromised data didn’t include phone numbers, account numbers, PINs, passwords or financial information.

However, the cyberattack did affect files containing the names, phone numbers and account PINs of about 850,000 active customers of T-Mobile’s prepaid plans. “There was some additional information from inactive prepaid accounts accessed through prepaid billing files,” T-Mobile stated. However, the company stressed that “no customer financial information, credit card information, debit or other payment information or SSN” was contained in the inactive accounts’ files. 

T-Mobile said that it has reset the PINs of the 850,000 prepaid customers’ whose information was compromised in the breach. The company added that the breach didn’t affect users of prepaid plans from its Metro by T-Mobile and Boost units. Prepaid customers that moved to the company’s network after its 2020 merger with Sprint were unaffected as well, according to the carrier’s preliminary cybersecurity investigation. 

For the 7.8 million postpaid customers whose information was stolen, T-Mobile has issued a recommendation calling on to them to change their PINs as well. “This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised,” the company stated.

T-Mobile added that it will offer affected users two years of free identity protection services delivered through McAfee Corp.’s ID Theft Protection Service. The carrier plans to launch a webpage later today with information on how customers can take steps to protect their data following the breach.

“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” the carrier said. “While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”

The cyberattack marks at least the fifth data breach experienced by T-Mobile since 2018. The previous incident occurred last December and affected less than 0.2% of customers, according to the carrier. T-Mobile disclosed the breach this January, detailing that the hackers didn’t compromise any customer names, physical or email addresses, financial data, credit card information, Social Security numbers, tax IDs, passwords or PINs.

Earlier, a cyberattack breached some T-Mobile staffers’ email accounts, which contained account information belonging to a number of T-Mobile customers and employees. Personal data belonging to a “very small single-digit percentage of customers” was separately compromised in a November 2019 incident. And in 2018, T-Mobile disclosed that hackers had stolen information belonging to about 2 million customers.

Photo: T-Mobile

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU